---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: Microsoft Windows Event System Privilege Escalation Vulnerabilities SECUNIA ADVISORY ID: SA31417 VERIFY ADVISORY: http://secunia.com/advisories/31417/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system OPERATING SYSTEM: Microsoft Windows 2000 Advanced Server http://secunia.com/product/21/ Microsoft Windows 2000 Datacenter Server http://secunia.com/product/1177/ Microsoft Windows 2000 Professional http://secunia.com/product/1/ Microsoft Windows 2000 Server http://secunia.com/product/20/ Microsoft Windows XP Home Edition http://secunia.com/product/16/ Microsoft Windows XP Professional http://secunia.com/product/22/ Microsoft Windows Server 2003 Datacenter Edition http://secunia.com/product/1175/ Microsoft Windows Server 2003 Enterprise Edition http://secunia.com/product/1174/ Microsoft Windows Server 2003 Standard Edition http://secunia.com/product/1173/ Microsoft Windows Server 2003 Web Edition http://secunia.com/product/1176/ Microsoft Windows Storage Server 2003 http://secunia.com/product/12399/ Microsoft Windows Vista http://secunia.com/product/13223/ Microsoft Windows Server 2008 http://secunia.com/product/18255/ DESCRIPTION: Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges. 1) The Microsoft Windows Event System does not properly validate the range of indexes when calling an array of function pointers. This can be exploited to gain escalated privileges via a specially crafted request. 2) The Microsoft Windows Event System does not properly handle per-user subscription requests. This can be exploited to gain escalated privileges via a specially crafted event subscription request. Successful exploitation of the vulnerabilities may allow execution of arbitrary code with SYSTEM privileges. SOLUTION: Apply patches. Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?FamilyId=1b2ad648-7dc9-407a-99f6-f39922746027 Windows XP SP2/SP3: http://www.microsoft.com/downloads/details.aspx?FamilyId=01a34aa4-a456-4efc-a93a-c3c682b0181c Windows XP Professional x64 Edition (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?FamilyID=246b2686-e330-47a2-b4d4-68f218ad4021 Windows Server 2003 SP1/SP2: http://www.microsoft.com/downloads/details.aspx?FamilyID=92a3d08f-c117-4b24-bc78-2b913d270df6 Windows Server 2003 x64 Edition (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?FamilyID=6bfbb6d8-5106-4adf-83cb-35ffc6e8eaf8 Windows Server 2003 with SP1/SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?FamilyID=45356565-697f-41b3-9879-3edd11dbcb7e Windows Vista (optionally with SP1): http://www.microsoft.com/downloads/details.aspx?familyid=6418c78f-f008-4028-beb1-5a5ea8e797a1 Windows Vista x64 Edition (optionally with SP1): http://www.microsoft.com/downloads/details.aspx?familyid=e03ccfb0-3ea3-4c59-adcf-9882d7086013 Windows Server 2008 for 32-bit Systems: http://www.microsoft.com/downloads/details.aspx?familyid=0640f95e-1eee-4dd1-b4dd-2b82b7e984b9 Windows Server 2008 for x64-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=51a93538-5e94-4f81-a6e0-d497a7b4899d Windows Server 2008 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=390da130-749d-4890-aad7-be91e15b32bb PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Yamata Li, Palo Alto Networks. 2) Reported by the vendor. ORIGINAL ADVISORY: MS08-049 (KB950974): http://www.microsoft.com/technet/security/Bulletin/MS08-049.mspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------